What are the best options out there to be able to provide a guest wireless internet access so they can't see the rest of devices in LAN?, what's the best and also cost effective appliance that will do that?

9 Answers
9

My company is looking into the same issue. Unless I read something better here, we are going with 2 Linksys wireless routers....running DDWRT.

We like to have the public AP auto-disabled during nonbusiness hours as well as blind to our network. It would be totally open, but may have a welcome portal via wifidog (which, thanks to serverfault, I have discovered runs nicely with DDWRT).

The staff router will not broadcast SSID and will use MAC address recognition, be available 24/7 and play nicely with our network.

"Now you can set up a separate Wi-Fi
network with a separate password for
your visitors. Simply enable the new
guest networking feature, and your
guests can use the Internet but can't
access other parts of your private
network, such as your computers,
printers, and attached hard drives."

does that feature actually work? because I have tried the Belking N1 vision and that was a waste of money, the guest account interfere with the other ssid signal and knocks itself down...
–
TerumoMay 31 '09 at 16:46

I don't have an AirPort Extreme, but I'd expect that a product from Apple does what it's meant to do, or you will atleast be able to return it. The AirPort gear was far ahead of the competition 10 years ago when wireless was just starting to become popular, so I'd have high expectations for this device too.
–
mlambieJun 1 '09 at 4:35

Actually, miharp confirms that it works as expected in his/her answer below.
–
mlambieJun 1 '09 at 4:36

Are you looking to do this through a single wireless router or through multiple access points? Many routers are multi-SSID as well as DMZ capable if that's what you want. I would look around for some higher end SOHO boxes like the one's from DrayTek. I have had good luck with them in the past. If you already have the LAN set up with a separate subnet for the guest network then you would just place an AP on each and name/secure them as desired. Both would do the job for you.

Netcomm do a product that provides Layer 2 segregation, effectively running each client in it's own VLAN. It even does an SMTP redirect - very handy if your ISP blocks port 25. Although it's designed as a pay system with tickets, this can just be turned off.

I have a DLink DI-655 and one of recent firmware upgrades came with a new feature, 2 Independent Wifi networks on the AP/Router. The second one is a guest network, with a differnet SSID, the ablity to set different security settings (Primary can be WPA2 w/AES [CCMP] only, and the guest can be WPA w/TKIP for legacy laptops). The guest network can be set to only allow internet access (no internal access).

I've seen it for $100 at Costco. I'm sure that you can order it, or something just like it without much trouble (and it does N with a gigabit ethernet). The Linksys model above is now getting out of date, as it is 802.11g system.